433 matches found

EUVD
added 2026/06/22 3:21 p.m., 9 views

EUVD-2026-38266

IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.3, AI score 5.8, EPSS 0.002
Exploits: 0, References: 1

IBM Security Bulletins
added 2026/06/18 7:59 p.m., 10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-14087...

CVSS 9.8, AI score 8, EPSS 0.01129
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/06/18 7:51 p.m., 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo [CVE-2026-35535]

Summary IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo, due to a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, which is not recognised as a fatal error and can lead to privilege escalation. CVE-2026-35535. Su...

CVSS 7.8, AI score 5.1, EPSS 0.00173
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/06/18 7:40 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a privilege validation bypass in Moby [CVE-2026-33997]

Summary IBM Watson Speech Services Cartridge is vulnerable to a privilege validation bypass in Moby, due to an error in the daemon's privilege comparison logic, which allows the daemon to incorrectly accept a privilege set that differs from the one approved by the user CVE-2026-33997. Moby is use...

CVSS 8.4, AI score 5.1, EPSS 0.00387
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/06/18 7:35 p.m., 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 8.8, AI score 5.3, EPSS 0.002
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/06/18 7:15 p.m., 6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Cryptography [CVE-2026-34073] [CVE-2026-39892]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation and Improper Restriction of Operations within the Bounds of a Memory Buffer in Cryptography CVE-2026-34073 CVE-2026-39892. Cryptography is used in our speech runtimes. This vulnerability has been...

CVSS 9.8, AI score 5.6, EPSS 0.00652
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:49 p.m., 13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE [CVE-2026-34986]

Summary IBM Watson Speech Services Cartridge is vulnerable to a runtime panic condition in Go JOSE, due to an issue occurring when cipher.KeyUnwrap in keywrap.go attempts to allocate a slice with a zero or negative length based on the length of the encryptedkey CVE-2026-34986. Go JOSE is used as...

CVSS 7.5, AI score 6.9, EPSS 0.00651
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:44 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux [CVE-2026-22737]

Summary IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux, where template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views CVE-2026-22737...

CVSS 5.9, AI score 5.9, EPSS 0.00385
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:32 p.m., 18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]

Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerability has been addressed. Please read the details for remediation below...

CVSS 7.5, AI score 7.1, EPSS 0.00728
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:21 p.m., 12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...

CVSS 8.7, AI score 7, EPSS 0.00671
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:11 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures CVE-2026-30922. Pyasn1 is used in our speech runtimes. This vulnerability has been addressed. Please read the detail...

CVSS 7.5, AI score 6.6, EPSS 0.0058
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 3:00 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerability has been...

CVSS 8.7, AI score 5.8, EPSS 0.00593
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 2:55 p.m., 11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]

Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...

CVSS 7.5, AI score 6.6, EPSS 0.00855
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 2:50 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

CVSS 7.5, AI score 7.2, EPSS 0.00606
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/05/21 2:46 p.m., 10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity CVE-2026-4539. Pygments is used in our speech...

CVSS 4.8, AI score 5.3, EPSS 0.00156
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:31 p.m., 7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto [CVE-2025-61724]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto, due to an issue in the Reader.ReadResponse function which can cause excessive CPU consumption CVE-2025-61724. Net/textproto is used in our speech utilities. This vulnerability has bee...

CVSS 5.3, AI score 5.6, EPSS 0.00526
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/14 5:16 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerability h...

CVSS 5.3, AI score 6.7, EPSS 0.00473
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/14 5:14 p.m., 5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerability has been addressed. Please read the details fo...

CVSS 5.3, AI score 7, EPSS 0.00443
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/14 5:12 p.m., 4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)

Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerability h...

CVSS 5.3, AI score 6.6, EPSS 0.00276
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/04/14 5:09 p.m., 3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)

Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...

CVSS 6.5, AI score 6.7, EPSS 0.00643
Exploits: 1, Affected Software: 1